Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Attendees:

Voting Participants: Ken Dagg, Martin Smith, Mark Hapner, Mark King, Richard Wilsher

Non-voting participants: Roger Quint, Varun Lal, Chris Lee, Jimmy Jung

Staff: Kay Chopard

Agenda:

  1. Administration:
    1. Roll Call and quorum determination
    2. Agenda Confirmation
    3. Minute approval (DRAFT minutes of 2021-08-12)
    4. Staff reports and updates
    5. LC reports and updates
    6. Call for Tweet-worthy items to feed (@KantaraNews)
  2. Discussion 
    1. Finalize proposed criterion language regarding "comparable alternative controls."  
    2. Finalize proposed text (if any) regarding use of "presentation attack detection" (PAD.) 
    3. Confirmation of other non-substantive changes to criteria to be included in the package to be submitted.
  3. Any Other Business and Next Meeting Date

Meeting notes: 

Administrative items:

IAWG Chair Ken Dagg called the meeting to order at about 1:04PM (US Eastern), and called the roll. It was noted that the meeting was quorate. 

Minutes approval:  Mark King moved approval of the draft Minutes of the IAWG meeting of Aug 12 . Richard W. seconded. The minutes as distributed were approved unanimously.

Staff reports and updates: ED Kay Chopard–New APM Lynzie Adams, starts next week on Monday. Hope she will be on next call. Invite anyone to offer suggestions re: any Kantara issues.   

LC reports and updates:  Ken – LC met yesterday. Discussion of appropriate scope of activity of Kantara WGs, DGs. Results to be communicated when finalized. 

Ken  reminded WG participants that Kantara staff is ready to help them publicize their newsworthy activities via the @KantaraNews Twitter handle. Requests can be sent to Ken D or Kay C.

Discussion:


Finalize proposed criterion language regarding "comparable alternative controls."  

Ken invited Richard W. to comment. Thinks "make available" discussion last week was off-target. "MA" has been used for a long time, not caused a problem. Don't tell them how. 

martin – need to send an alert, per David. 

Richard-- can't make the RP do something. 

Other things we might do: now require statement of criteria applicability; might also require that used of CAC is "mentioned" at least in their published discussion. 

Ken: should we add to the criterion that RP acknowledge receipt.?

JJ - not possible or effective – won't read.  But if KI provided notice we would have done all we can, 

Ken :  OK with everyone to go with "no change"

JJ: can we put in "Notes": comment that we (KI) are going to publish fact of CAC.  If we do something unusual, we need to make sure they know about it. 

RW:  maybe mod language to make avail : publish how you determined CAC and config requirements to make sure it is CAC. Fact of use in S3A could be noted. 

Ken: with that add-- is group OK? 

Mark H: Ok with current language but CAC is so poorly defined in 63-3 hard to understand how an assessor should proceed. 

RW:  did try in sub-clause a-c to add some specificity.

MH:  still uncomfy, but don't see what else we can do. 

RW:  without NIST risk assessment, how can assessor establish "comparable."? Difficult situation. 

KD: asks for motion to approve language for the package:  KD, MH

KD: approved. 


Finalize proposed text (if any) regarding use of "presentation attack detection" (PAD.) 

KC: background just an email question: does KI require PAD to approve CSP at IAL2? cc: David T.  


RQ:  NIST does not require PAD currently, thought the letter might be asking if KI was doing anything more. 

MK, MH motion – approved. 

To change SAC in 63 a nd b to reflect optional nature of PAD, and if used to assess as indicafted. 

Confirmation of other non-substantive changes to criteria to be included in the package to be submitted.

KD:  Asks Richard to confirm misc changes.

RW: Can be ready for next week. 5 sets of errata

KD:  will vote next week to complete package for submission. 


Other Business:

MK: Any further UK response? KC: Still on holiday. Allison did respond from vacation and will connect next week. MK: add to agenda for next week please.  

KD: Australia? KC:  did have 1-on-1 with Jon Thorpe. Very high level official.  Supportive of Kantara's goals for interop and also they are using NIST standards. Hoping companies don't have to go through same process multiple times for different countries.  Looking for KI to provide some leadership in these areas.  KD: excellent–may influence other countries. 

RW: just modified criteria (for PAD?) – sanity check of revised language.  Ken OK with it, JJ too but would like to have KI "lean forward a bit to credit companies who implement it." KD: We can vote next week. 

Next Meeting: August 26 to finalize the criteria change package for submission to Kantara review. 

Ken adjourned the meeting at about2:01PM US Eastern. 




  • No labels